import R from '@common/type/response';
import type { NextApiResponse } from 'next';
import * as userService from '@/common/service/sys_user';
import { AuthenticatedRequest, withAuth } from '@common/middleware/auth';

export async function handler(req: AuthenticatedRequest, res: NextApiResponse) {
  if (req.method !== 'POST') {
    R.errWithStatus(res, 405, 'Method Not Allowed');
    return;
  }

  const { user_id, new_password } = req.body;
  
  if (!user_id) {
    R.error(res, '缺少用户ID');
    return;
  }

  if (!new_password) {
    R.error(res, '缺少新密码');
    return;
  }

  try {
    const affected = await userService.resetUserPassword(Number(user_id), new_password);
    R.success(res, { message: '密码重置成功' });
  } catch (error: any) {
    R.err(res, error.message);
  }
}

export default withAuth(handler); 